[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Flaw in FV process (was FV and Netscape slagging each other off :-)

To: Nathaniel Borenstein <[email protected]>, Jeff Weinstein <[email protected]>
Subject: Flaw in FV process (was FV and Netscape slagging each other off :-)
From: John Pettitt <[email protected]>
Date: Wed, 31 Jan 1996 15:57:57 -0800
Cc: [email protected]
Sender: [email protected]

At 05:56 PM 1/31/96 -0500, Nathaniel Borenstein wrote about Jeffs attack:
>Your attack would be caught by us relatively quickly because our model
>is based not on a single fail-safe piece of security software, but on
>*process* security.  The overall process is multifaceted, with many
>checks and balances. 

Yes this is all fine and good - but your process does not allow for real time
delivery of goods.  For example:

Somebody wants to buy say micrsoft office from me for electronic delivery
(yes they have a lot of bandwidth :-).  I can authorize a credit card, fun
it by my fraud screen and start shipping in less than 30 seconds.    At this
point the transaction is done.

In the FV model as I understand it I'd have to ship the software and wait for 
an approve/deny/fraud from the user.  If it's anything but approved I'm SOL,
I still have to pay Microsoft for the product but I didn't get paid.

Solve that process flaw and I'll add FV support to software.net.

John Pettitt, [email protected]
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

Prev by Date: Re: No FV supporters?
Next by Date: Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
Prev by thread: re: alleged RC2
Next by thread: [NOISE][CONTEST][FACTS] don't help much, do they?
Index(es):
- Date
- Thread